Bug 1713627 - dnf exits with "Error: Failed to synchronize cache for repo 'xxx'" without further details
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: dnf
Version: 8.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: 8.0
Assignee: Pavla Kratochvilova
QA Contact: Eva Mrakova
URL:
Whiteboard:
Depends On:
Blocks: 1755139
Reported: 2019-05-24 09:59 UTC by Renaud Métrich
Modified: 2020-04-28 16:48 UTC (History)

Fixed In Version: dnf-4.2.17-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 16:47:49 UTC
Type: Bug
Target Upstream Version:


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 4173841 Troubleshoot None yum/dnf exits with "Error: Failed to synchronize cache for repo 'xxx'" without further details 2019-05-27 07:45:40 UTC
Red Hat Product Errata RHBA-2020:1823 None None None 2020-04-28 16:48:03 UTC

Description Renaud Métrich 2019-05-24 09:59:44 UTC
Description of problem:

When using an internal HTTPS repo instead of subscription-manager, and the HTTP server certificate is self-signed, trying to use dnf fails with a cryptic error:

-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Error: Failed to synchronize cache for repo 'os'
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

/var/log/dnf.log shows an even more cryptic backtrace:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/dnf/repo.py", line 566, in load
    ret = self._repo.load()
  File "/usr/lib64/python3.6/site-packages/libdnf/repo.py", line 503, in load
    return _repo.Repo_load(self)
RuntimeError: Failed to synchronize cache for repo 'os'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 64, in main
    return _main(base, args, cli_class, option_parser_class)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 99, in _main
    return cli_run(cli, base)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 115, in cli_run
    cli.run()
  File "/usr/lib/python3.6/site-packages/dnf/cli/cli.py", line 1124, in run
    self._process_demands()
  File "/usr/lib/python3.6/site-packages/dnf/cli/cli.py", line 828, in _process_demands
    load_available_repos=self.demands.available_repos)
  File "/usr/lib/python3.6/site-packages/dnf/base.py", line 400, in fill_sack
    self._add_repo_to_sack(r)
  File "/usr/lib/python3.6/site-packages/dnf/base.py", line 135, in _add_repo_to_sack
    repo.load()
  File "/usr/lib/python3.6/site-packages/dnf/repo.py", line 568, in load
    raise dnf.exceptions.RepoError(str(e))
dnf.exceptions.RepoError: Failed to synchronize cache for repo 'os'
2019-05-24T09:45:02Z CRITICAL Error: Failed to synchronize cache for repo 'os'
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------


Administration can only understand what the real issue is by looking at the /var/log/dnf.librepo.log log and checking the DEBUG logs:

-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
2019-05-24T09:45:02Z DEBUG check_transfer_statuses: Transfer finished: repodata/repomd.xml (Effective url: https://<HTTPS_URL>/repodata/repomd.xml)
2019-05-24T09:45:02Z DEBUG check_transfer_statuses: Error during transfer: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://<HTTPS_URL>/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
2019-05-24T09:45:02Z DEBUG check_transfer_statuses: Ignore error - Try another mirror
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

This needs improvement (at least this shouldn't be DEBUG level).


Version-Release number of selected component (if applicable):

dnf-4.0.9.2-5.el8.noarch


How reproducible:

Always


Steps to Reproduce:
1. Use some internal HTTPS repository, self-signed or without known certificate

Comment 7 Pavla Kratochvilova 2019-11-19 10:11:04 UTC
I created a patch that prints all the errors of the individual mirrors (in this case it would be the curl error): https://github.com/rpm-software-management/dnf/pull/1492

The errors are printed only when the whole download fails, so if it's a mirrorlist with only a few unavailable mirrors, nothing is printed (but the messages are still visible in --verbose mode and in dnf.librepo.log).

Tests in ci-dnf-stack: https://github.com/rpm-software-management/ci-dnf-stack/pull/643
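
Added example (not part of the bug report or of the dnf patch): on a dnf build without the fix, or for a mirrorlist where only some mirrors fail, the per-mirror curl errors can be pulled out of dnf.librepo.log with a small parser for the DEBUG line format quoted in the description. The host repo.example.internal and the names extract_transfer_errors and TLS_CURL_CODES are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

# libcurl error codes for TLS handshake and certificate failures, as opposed
# to plain network failures (60 is the code shown in the report).
TLS_CURL_CODES = {35, 51, 58, 60, 77}

# Matches the "Error during transfer" DEBUG line quoted in the description.
ERROR_RE = re.compile(
    r"^(?P<ts>\S+) DEBUG check_transfer_statuses: Error during transfer: "
    r"Curl error \((?P<code>\d+)\): (?P<msg>.*?) for (?P<url>\S+)"
    r"(?: \[(?P<detail>.*)\])?\s*$"
)

# Constructed sample: the three lines from the report with a placeholder host.
SAMPLE_LOG = """\
2019-05-24T09:45:02Z DEBUG check_transfer_statuses: Transfer finished: repodata/repomd.xml (Effective url: https://repo.example.internal/os/repodata/repomd.xml)
2019-05-24T09:45:02Z DEBUG check_transfer_statuses: Error during transfer: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://repo.example.internal/os/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
2019-05-24T09:45:02Z DEBUG check_transfer_statuses: Ignore error - Try another mirror
"""


def extract_transfer_errors(lines):
    """Return one dict per 'Error during transfer' line, in log order."""
    errors = []
    for line in lines:
        m = ERROR_RE.match(line.rstrip("\n"))
        if not m:
            continue
        code = int(m.group("code"))
        errors.append({
            "timestamp": m.group("ts"),
            "curl_code": code,
            "message": m.group("msg"),
            "url": m.group("url"),
            "detail": m.group("detail") or "",
            "tls_failure": code in TLS_CURL_CODES,
        })
    return errors


if __name__ == "__main__":
    # Pass a log path such as /var/log/dnf.librepo.log, or run on the sample.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_LOG
    for e in extract_transfer_errors(text.splitlines()):
        kind = "TLS" if e["tls_failure"] else "transfer"
        print(f'{e["timestamp"]} {kind} error {e["curl_code"]} {e["url"]}: '
              f'{e["message"]} [{e["detail"]}]')
```

When the reported code is 60 for an internal repository, the usual remedy is to point the repo's `sslcacert` option at the internal CA rather than setting `sslverify=0`.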

Comment 11 errata-xmlrpc 2020-04-28 16:47:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1823

